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ABSTRACT 

Chaotic cryptography is based on the properties of chaos 
as source of entropy. Many different schemes have been 
proposed to take advantage of those properties and to de- 
sign new strategies to encrypt information. However, the 
right and efficient use of chaos in the context of crypto- 
graphy requires a thorough knowledge about the dynamics 
of the selected chaotic system. Indeed, if the final encryp- 
tion system reveals enough information about the underly- 
ing chaotic system it could be possible for a cryptanalyst 
to get the key, part of the key or some information some- 
how equivalent to the key just analyzing those dynamical 
properties leaked by the cryptosystem. This paper shows 
what those dynamical properties are and how a cryptana- 
lyst can use them to prove the inadequacy of an encryp- 
tion system for the secure exchange of information. This 
study is performed through the introduction of a series of 
mathematical tools which should be the basic framework 
of cryptanalysis in the context of digital chaos-based cryp- 
tography. 

Index Terms — chaos, cryptography, entropy, wavelet 
transforms 



1. INTRODUCTION 

Chaotic cryptography has been an important research area 
during the last two decades. The properties of chaotic sys- 
tems have been used in very different ways to build new 
cryptosystems. All of those proposals can be classified 
into two big families, which are analog chaos-based cryp- 
tosystems and digital chaos-based cryptosystems. The first 
type of chaotic cryptosystems is based on the chaotic syn- 
chronization technique [1], whereas digital chaotic cryp- 
tosystems are designed for digital computers. The scope 
of this paper is related to the last type of chaotic cryp- 
tosystems. Since the performance and accuracy of digi- 
tal chaotic cryptosytems is a translation of the dynamical 
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properties of the underlying dynamical system, the first 
step in either their design or their analysis comes from 
the evaluation of those properties. This assessment has 
as main goal the verification that the selected dynamical 
system evolves in a chaotic way in the context defined by 
the encryption strategy. Furthermore, it must be confirmed 
the impossibility of guessing the key or part of the key by 
the examination of that chaotic behavior. Indeed, chaotic 
systems exhibit an underlying regularity which could rep- 
resent a problem in the context of chaotic cryptography. 
The present work presents a set of mathematical tools for 
the analysis of the dynamical properties of chaotic systems 
and, consequently, for the detection of design problems in 
digital chaos-based cryptosystems. More specifically, this 
work studies the relationship between the set defined by 
the initial conditions and the control parameter of chaotic 
systems and their temporal evolution. From the point of 
view of the security concerns of cryptography, this work 
is a first step to establish a paradigm of requirements for 
the adequate association of chaotic systems and encryption 
aixhitectures. 



2. CHAOS AND CRYPTOGRAPHY 

The use of chaotic systems in cryptography is motivated 
by the similarity between the needs of cryptography and 
the main characteristics of chaos. Indeed, every cryptosys- 
tem, i.e., every encryption system performs the transfor- 
mation of an input (the plaintext) into an output (the ci- 
phertext or cryptogram) in such a way that the different 
inputs and outputs of the systems are statistically indepen- 
dent. Moreover, this transformation depends on an exter- 
nal parameter called key of the cryptosystem. If a cryp- 
tosystem has been designed in a correct way, then its out- 
put is statically independent from the key and from the 
input. In other words, a good cryptoystem shows diffu- 
sion and confusion properties [2]. The confusion prop- 
erty means that the temporal evolution of the output of 
the cryptosystem is statistically independent from the in- 
put and from the key. Chaotic systems shows an ergodic 
behavior and, consequently, possess inherently the con- 
fusion property with respect to the initial conditions and 
the control parameter(s). On the other hand, the diffusion 
property implies that an small change in the input of the 
cryptosystem is translated into a large modification in the 



output. Chaotic systems are characterized by a high sen- 
sitivity to initial conditions and the control parameter(s) 
and thus chaos can also be used as a source of diffusion. 
Nevertheless, chaotic systems are sustained by an under- 
lying regularity by means of the existence of dense unsta- 
ble periodic orbits which further constitute the skeleton of 
chaos [3, p. 413]. Furthermore, chaotic systems generally 
considered for cryptographic applications are defined in a 
parametric way and not all the values of the control param- 
eter(s) lead to a chaotic behavior As a result, the design 
of a secure and efficient chaos-based cryptosytem requires 
the selection of an encryption architecture that conceals 
the underlying regularity of the chosen chaotic system and, 
at the same time, guarantees that the control parameter(s) 
used in the encryption and decryption processes are those 
which drive the dynamical system into a chaotic behavior 
Concerning this last point, it is highly recommendable to 
use dynamical systems with a large and continuous set of 
values for the control parameter(s) such that evolution in 
a chaotic way is guaranteed. According to all this con- 
siderations, the cryptanalysis work can be only successful 
when a chaotic cryptosystem leaks too much information 
about the dynamics of the underlying chaotic system or 
when the selection of the control parameter(s) is not done 
conveniently. 

3. DETECTION OF NON-CHAOTIC BEHAVIOR 

The scope of this paper is digital chaos-based cryptogra- 
phy and thus the next work is focused on dynamical sys- 
tems defined in discrete time. These dynamical system are 
also called maps and are mathematically defined by a dif- 
ference equation 

xk+i = gifj'^xk), (1) 

where x,g{x) e U G M", being U the phase space, and 
/i is an array of control parameters inV C MP. This sec- 
tion is concerned with the definition of mathematical tools 
to decide whether a digital chaotic cryptosystem defines 
a good framework for the selection of the set of control 
parameters of the underlying chaotic map. 

3.1. Bifurcation diagram 

A first method to detect problems related to the definition 
of the method of selection of values for the array of control 
parameters is based on the evaluation on the asymptotic 
temporal evolution. The temporal evolution or orbit of a 
discrete-time dynamical system is determined for a certain 
initial condition and a certain set of values for the array of 
control parameters as 

j{fi,XQ) ^ {xo,Xi, . . . ,Xn} ■ (2) 

If the considered dynamical system is a chaotic map, then 
the orbit derived from any initial condition covers the whole 
phase space. This characteristic can be verified by plotting 
7(/i, xo) for .To selected randomly in U and /i taking all 



the values in V. This representation is called bifurcation 
diagram and can be used to detect values of /i not leading 
to chaos. As an example, in Fig.[T]the bifurcation diagram 
for the logistic map is shown identifying those inadequate 
values of fi. When considering a chaotic cryptosystem, 
the possibility of selecting those values of ^ associated to 
a non-chaotic behavior implies a degradation of the per- 
formance of the cryptosystem and can be used by a crypt- 
analyst [4,5]. 
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Figure 1. Bifurcation diagram of the logistic map. 



3.2. The Lyapunov exponent 

One important rule for the design of chaotic cryptosys- 
tems is the accurate definition of the key space [6, Rule 
5]. Therefore, cryptanalysis is also concerned with the 
evaluation of the preciseness of the definition of the key 
space. A very useful tool for this assessment is the Lya- 
punov exponent or LE. Indeed, the LE quantifies the local 
divergence of a dynamical system in such a way that a pos- 
itive value of the LE informs of a chaotic behavior More 
rigorously, for a phase space defined in R™ there exist 
TO Lyapunov exponents and chaos exists when the largest 
Lyapunov exponent is positive. The Henon map is a two 
dimensional dynamical system and the control parameter 
vector is given by p = [a,b]. If the Henon is considered 
for cryptographic applications, then the encryption archi- 
tecture must assure that the selection of a and b during 
the encryption/decryption procedure always guarantees a 
positive LE (see Fig. |2]i. Otherwise, a degradation in the 
performance of the cryptosystem is observed as it occurs 
in the cryptosytesm analyzed in [7-9] 

4. EXPLOITING THE LEAKING OF THE 
UNDERLYING CHAOTIC SYSTEM REGULARITY 

Most chaos-based cryptosystems used either the initial con- 
ditions or the control parameter(s) or both as key. There- 
fore, the security of those proposals is very dependent on 
the possibility of estimating the control parameter(s) and/or 
the initial conditions from the information provided by the 
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Figure 2. Determination of the chaotic region of the 
Henon by means of the Lyapunov exponent. 



sibiUty of reconstructing the probabihty distribution func- 
tions of the orbits by means of the histograms of their sam- 
pled versions. If the chaotic map used for encryption has 
good characteristics from the statistical point of view, then 
it is not possible to infer the value of the control param- 
eter(s) from the obtained histograms. Conversely, a bad 
chaotic map generates histograms depending on the value 
of the control parameter(s). A way to use this dependency 
for cryptanalysis is by the Wootters' distance [16] between 
different histograms. In this sense, the histogram obtained 
from the sampled orbit leaked by the cryptosystem is com- 
pared to the histograms generated from a set large enough 
of control parameter(s). The control parameter that gen- 
erates the closest histogram to the one obtained from the 
sampled orbit is considered as an estimation of the control 
parameter used for the encryption. Figure[3]illustrates the 
success of this estimation method for the logistic map. 



cryptosystem. The success of this estimation process is 
something to consider in the design of a new cryptosys- 
tem. Indeed, if it is known how much information can be 
provided to a cryptanalyst without exposing our encryp- 
tion system, then it is possible to build a secure but also 
more efficient cryptosystem. The information that can be 
used by an attacker or cryptanalyst is either part of an or- 
bit or the transformation of part of an orbit of the under- 
lying chaotic system. Actually, that part of an orbit or the 
transformation of the part is associated to a certain initial 
condition and control parameter(s) value. Consequently, 
the cryptanalyst work is focused on looking for one-to- 
one relationship between those samples of orbits or those 
transformation of the samples of orbits. Next some math- 
ematical procedures for this estimation task are shown. 

4.1. Study of histograms and the return map 

In some digital chaos-based cryptosystems the result of 
the encryption procedure, i.e., the different cryptograms 
are given directly by the orbit of some chaotic system [10] 
or by the sampling process on the orbit of a chaotic sys- 
tem [11, 12]. In the first case, the cryptosystem shows a 
clear security problem, since chaotic maps are defined us- 
ing a difference equation which implies that two consecu- 
tive values of an orbit can be used to estimate the control 
parameter value [5]. In the second situation, the orbit is 
sampled and thus it is not possible a direct estimation of 
the control parameter(s) as before. However, it is possible 
to associate those sampling values with the control param- 
eter(s) by either the study of the return map or by an sta- 
tistical treatment. Indeed, according to Kerckhoffs' prin- 
ciple [13, p. 14], the chaotic map used for a certain digital 
chaos-based cryptosystem is known by anyone and, con- 
sequently, a cryptanalyst knows and can study its return 
map. In [14,15], for example, this study is used to estimate 
the control parameter of the logistic map by means of the 
maximum value of its return map. On the other hand, the 
statistical treatment of sampled orbits is based on the pos- 




Figure 3. Estimation of the control parameter of the logis- 
tic map by means of the Wootters' distance. The value of 
fi and the initial condition xo used in the generation of the 
orbit were fi = 3.8947192 and xq = 0.99842379. 



4.2. Analysis of entropy 

In the context of chaos-based cryptography the space of 
cryptograms has an entropy determined mostly by the un- 
derlying chaotic system. Therefore, it is very important 
to verify that the measure of entropy obtained through the 
cryptograms does not allow to guess segments of the plain- 
text or to get a one-to-one relationship with respect to the 
control parameter(s) of the underlying chaotic system. In 
this sense, when selecting the chaotic map and the encryp- 
tion architecture, it is highly advisable to evaluate first the 
entropy of the orbits generated from the map. If this anal- 
ysis is not done, then it could be possible for the crypt- 
analyst to build an attack upon different measures of en- 
tropy depending on the kind of information contained in 
the cryptograms. This is the case of the attack performed 
in [18] on Shannon's measure of entropy. Other mea- 
sures of entropy that could be useful for cryptanalysis are 
the topological entropy [19] and the wavelet entropy [20]. 
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Figure 4. First level of detail of the MultiResolution En- 
tropy of Tsallis of the Henon map with fixed and variable 
control parameters. See [17] for more details about the 
procedure. 



could be a hint for control parameters estimation [29]. As 
an example, the statistical complexity of the logistic map 
with respect to /i is shown in Fig. |5] and it proves that the 
estimation of fi is possible through the statistical complex- 
ity for certain intervals inside the definition space of the 
control parameter. 




Figure 5. Jensen-Tsallis statistical complexity of the lo- 
gistic map for different values of /.i. 



Related to the topological entropy, in the context of dig- 
ital chaos-based cryptosystems, i.e., when dealing with 
chaotic maps it is advisable to work with approximations 
of the topological entropy based on the study of permu- 
tations [21], which allows to develop a theory of discrete 
chaos [22] with clear interest for cryptanalysis [23]. On 
the other hand, the use of wavelets for the determination 
of measures of entropy can be an aid in the analysis of 
the security of chaos-based cryptosystems. For example, 
the theory of wavelets and the figures of entropy defined 
by Shannon and TsalUs can be combined to define a Mul- 
tiResolution Entropy analysis that allows to identify changes 
in the dynamics of a certain dynamical system [17] (see 
Fig. nil. The detection of this changes can lead to the re- 
covery of information or the guessing of the key or part of 
the key of a chaotic cryptosystem, and it can also be per- 
formed through the study of the permutations of the output 
sequence of the cryptosystem [24] . 

4.3. Analysis of statistical complexity 

Another way of getting benefit from the statistical evalua- 
tion of the output of a chaos-based cryptosystem is based 
on the notion of statistical complexity [25]. The statisti- 
cal complexity measures the level of local divergence that 
exists in a dynamical system with respect to the underly- 
ing periodic behavior and, consequently, can be used as a 
causality indicator. In this sense, the statistical complexity 
has been proposed as a test for the evaluation of the quality 
of random number generators [26-28]. Nevertheless, this 
is not its only application in the context of cryptanalysis, 
since it can also be used to find one-to-one relationships 
with respect to the control parameters and, as a result, it 



4.4. Symbolic dynamics 

The study of the dynamics of unimodal maps through a 
discretized version of their phase space is a well known 
area of study in the context of the theory of dynamical 
systems since the seminal contribution of [30]. The con- 
clusions derived from this work has been used for the es- 
timation of the initial condition and the control parameter 
values that lead to a certain discretized version of an or- 
bit associated to an unimodal map [31, 32], which is the 
base of the cryptanalysis done in [18,33,34]. However, the 
theory of symbolic dynamics, i.e., the study of those dis- 
cretized versions of orbits of chaotic maps is not limited 
to unimodal maps. Indeed, the possibility of applying this 
kind of methodology is based on the underlying periodic- 
ity that sustained chaos. In other words, if the phase space 
of a chaotic map is partitioned conveniently and a symbol 
is assigned to each of the derived intervals, then it is pos- 
sible to get the unstable periodic orbits of the system and, 
consequently, to reconstruct its dynamics [35-38]. This is 
very interesting from the point of view of cryptanalysis, 
since it allows to estimate the control parameter and even, 
in some situations, the initial condition used in the genera- 
tion of a time-series from a given chaotic system [39,40]. 

5. CONCLUSIONS 

The present work is a summary of different methods based 
on the theory of dynamical systems that can be used to 
point out some design problems in chaos-based cryptosys- 
tems. The main conclusion derived from the set of tools 



proposed is that the tests of security of conventional cryp- 
tography are not the only to be considered in the context of 
chaotic cryptography. Indeed, either the design or the anal- 
ysis of a chaotic cryptosystem must be done along with a 
thoroughly knowledge about the dynamics of the chaotic 
map selected. Otherwise, the resulting encryption scheme 
could present serious security and efficiency problems. 
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